H.R. 5595, the National FFA Organization’s Charter Amendments Act, makes updates to allow the National FFA to be a self-governing organization while maintaining its long-held relationship with the U.S. Department of Education.

As the charter currently reads, the Department of Education holds the majority of the seats on the National FFA’s Board of Directors.

“FFA is the cornerstone of our rural communities throughout the nation,” Thompson said.

“In its 90-year history, the FFA has been a leader in preparing American youth for careers in the agriculture industry. This bipartisan bill will modernize the charter to ensure FFA can take control of its own organization and it can continue to inspire generations of young agriculture leaders.

“I thank my friend Rep. Langevin for his leadership on this issue and look forward to moving the bill through the legislative process.”

“FFA plays a critical role in agricultural education and workforce development in Rhode Island and across the country by allowing young people to explore exciting careers,” Langevin said.

“I’m proud to work with my fellow Career and Technical Education Caucus co-chair, Congressman Thompson, on this bill to modernize FFA’s charter, providing it with the autonomy to be innovative and an increased focus on comprehensive CTE.

“With a new charter, FFA will better fulfill its mission of developing leadership and achievement in American agricultural education.”

“About 100 organizations have federal charters, but FFA is the only one where the government has a majority of seats on the board,” said U.S. Rep. David Young (R-IA), who is an original cosponsor of the bill.

“This bill will allow the FFA to self-govern and continue the important work of educating and empowering our young people to be successful in agriculture.”

“The amendments set the stage for FFA in the 21st century and allows us to bring FFA and our operations into the future,” said Mark Poeschl, chief executive officer of National FFA.

“The one thing that has not changed is our commitment to the relevance that FFA and agricultural education continue to have in our nation’s education system. With its three integral components – classroom/laboratory instruction, supervised agricultural experiences and FFA – the agricultural education model continues to push students toward a thriving future thanks to the relevant skills learned and experience obtained. These amendments will strengthen our commitment.”

About FFA Charter

FFA was founded in 1928. Congress recognized the importance of FFA as an integrate part of vocational agriculture and in 1950 granted the organization a federal charter.

The charter also provides federal authority to create an inter-agency working agreement between the Department of Education and the Department of Agriculture that’s focused on strengthening the FFA and school-based agriculture education.

The role of education in securing a skilled, sustainable workforce in agriculture is underscored through the required involvement of the U.S. Department of Education on the National FFA Board of Directors.

Putting it in Perspective

Only about 100 organizations have charters with federal agencies. Only six organizations require their respective government agency to select one member for the board of directors.

FFA is the only organization that requires a majority of its board of directors be chosen by its partner government agency.

About H.R. 5595

The legislation introduced by Thompson and Langevin seeks to modernize the National FFA Organization’s relationship with the Department of Education to reflect agriculture education in the 21st Century.

FFA will continue to work closely with the Department of Education as well as USDA to fulfill its mission to better match the innovative and hands-on approaches that many agriculture educators are implementing across the country.

The enforcement action puts public companies on notice that the SEC doesn’t look kindly upon efforts to conceal or downplay data breaches.

Yahoo, which has renamed itself Altaba, has neither admitted nor denied the allegations – as is typical in such enforcement actions, the SEC says.

But the SEC says that despite Yahoo learning within days of a December 2014 breach that it had been attacked by Russian hackers, the search giant waited nearly two years to disclose the breach to investors. The regulator’s probe into Yahoo’s breach notification speed reportedly launched in December 2016 (see SEC Reportedly Probing Yahoo’s Breach Notification Speed).

“Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors.”
—Jina Choi, director of SEC’s San Francisco office

“Yahoo’s failure to have controls and procedures in place to assess its cyber-disclosure obligations ended up leaving its investors totally in the dark about a massive data breach,” says Jina Choi, director of the SEC’s San Francisco regional office. “Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors.”

Altaba couldn’t be immediately reached for comment.

The SEC’s enforcement action has been praised by some lawmakers. “Investors have a right to know whether companies are taking cybersecurity seriously,” says Rep. Jim Langevin, D-R.I. “[The] announcement of a $35 million fine in response to Yahoo’s failure to disclose its massive 2014 data breach is a long overdue first step toward providing real protections for investors. I agree that we should ‘not second-guess good faith exercises of judgment’ by executives, but the bias should be toward disclosing a breach, not burying it.”

Troy Hunt, an Australian data breach expert who runs the Have I Been Pwned breach notification service, says that the $35 million fine will “surely cause organizations to think a bit more” about data security.

Many organizations publicly say that security is a top priority, but that often is not necessarily reflected in their IT spending, Hunt says. “There seems to be a degree of lip service [to security],” he says.

‘Crown Jewels’ Stolen

Yahoo disclosed the 2014 breach in September 2016 as it was negotiating its sale to Verizon. Due to the severity of the breach, Verizon closed its acquisition of Yahoo in June 2017 for $4.48 billion, around $350 million lower than the initial asking price.

Under the terms of the acquisition, Yahoo must pay half of all costs related to government investigations and third-party litigation. Yahoo did not carry cybersecurity insurance.

The December 2014 breach affected 500 million users. The SEC’s order says the stolen data included Yahoo’s “crown jewels,” including email addresses, user names, phone numbers, birthdates, hashed passwords as well as unencrypted security questions and answers.

Following the breach, Yahoo filed regular SEC reports in which it only outlined the risks of a data breach without disclosing that it had been attacked. The SEC alleged that Yahoo did not share information about the breach with outside auditors or counsel “in order to assess the company’s disclosure obligations in its public filings.”

The SEC adds: “Although information relating to the breach was reported to members of Yahoo’s senior management and legal department, Yahoo failed to properly investigate the circumstances of the breach and to adequately consider whether the breach needed to be disclosed to investors.”

Repeatedly Breached

Yahoo has a complicated breach disclosure history. After Yahoo disclosed the 500 million breached accounts in September 2016, it revised that tally in December 2016 to 1 billion accounts. It also said at that time attackers had forged cookies, allowing them to directly access some accounts.

Former Yahoo CEO Marissa Mayer told a Congressional committee in November 2017 that it was tough for any corporation to defend against nation-state attackers. She testified that Russian intelligence officers and state-sponsored hackers were responsible for sophisticated attacks on the company’s systems (see Former Yahoo CEO: Stronger Defense Couldn’t Stop Breaches).

A class-action lawsuit against Yahoo is still winding its way through federal court in San Jose, California. Similar to the SEC’s allegations, the plaintiffs allege Yahoo waited too long to disclose breaches. Some of the plaintiffs allege the Yahoo breaches resulted in fraudulent charges on their cards and spam in their accounts (see Federal Judge: Yahoo Breach Victims Can Sue).

One of the four men who was charged, Alexsey Belan, has been accused of using his access to Yahoo to search for credit and gift card numbers. He has also been accused of using Yahoo account information to facilitate spam campaigns.

The new version 1.1 of the Cybersecurity Framework, which was developed through public feedback collected in 2016 and 2017, includes updates to authentication and identity, self-assessing cyber risk, managing cybersecurity within the supply chain and vulnerability disclosure.

“This update refines, clarifies and enhances version 1.0,” said Matt Barrett, program manager for the Cybersecurity Framework. “It is still flexible to meet an individual organization’s business or mission needs, and applies to a wide range of technology environments such as information technology, industrial control systems and the internet of things.”

NIST also plans to release an updated Roadmap for Improving Critical Infrastructure Cybersecurity later this year as a companion to the framework.

“Engagement and collaboration will continue to be essential to the framework’s success,” said Barrett. “The Cybersecurity Framework will need to evolve as threats, technologies and industries evolve. With this update, we’ve demonstrated that we have a good process in place for bringing stakeholders together to ensure the framework remains a great tool for managing cybersecurity risk.”

The NIST Cybersecurity Framework has featured heavily in recent government IT and cybersecurity initiatives, and received a callout in the White House IT Modernization report released in December 2017.

In a news release, Rep. Jim Langevin, D-R.I., applauded the update for keeping the framework relevant in the face of a changing cyber landscape:

“In the four years since its release, countless organizations have used the NIST Cybersecurity Framework to voluntarily assess their cybersecurity risk posture, identify gaps, and prioritize security best practices. As demonstrated by the Russian government’s targeting of our election systems, however, the cybersecurity threats to our critical infrastructure continue to evolve. Today’s release marks an important evolution of the Framework that will ensure it remains relevant as risk management practices change to keep pace with the threat.”

Langevin added that, while the framework now has many positive additions, the update process did miss out on an opportunity to offer more concrete guidance on ways to quantify risk.

Industry, too, offered support for the new changes.

“There’s a lot to like in the new Framework, but one area where they made big strides is on supply chain risk management,” said David Damato, chief security officer at Tanium.

“2017 was the year of the supply chain attack, with attacks from NotPetya to CCleaner originating with a breach of a company’s third-party partner. The increasing attention NIST is bringing to this issue, and the standardized language they offer, will go a long way in helping organizations better understand the risks associated throughout their supply chain.”

NIST plans to host a webcast on the updated framework April 27, 2018, and the framework will also feature heavily at the agency’s Cybersecurity Risk Management Conference in November 2018.

In separate statements issued Friday, Rep. Jim Langevin and Sen. Sheldon Whitehouse explicitly supported the decision, while Rep. David N. Cicilline and Sen. Jack Reed were more circumspect. They are all Democrats; Trump is a Republican.

“I believe the response taken tonight by the United States in launching an air strike in Syria following the morally reprehensible war crimes committed by Bashar al-Assad when he deployed chemical weapons, killing innocent children and civilians, is justifiable, and I support this decision,” Langevin said in his statement.

“Moving forward, the President must consult with Congress to determine how the United States will deal with Assad’s regime and determine what our strategic objectives will be,” Langevin said. “No nation has the right to use chemical weapons against innocent civilians and the world must speak with one voice condemning the actions of President Assad.”

Whitehouse said: “We have witnessed yet another atrocious act by the Assad regime against its own people, and we are called to conscience. Last night’s military action in Syria met my standards for responding to atrocity: a limited action; with a clear objective; that is not the beginning of American ‘boots on the ground’ military operations.”

Categories

Get Involved

Make a difference in this election and send Jim Langevin back to Washington! From a social media follow to volunteering, your time and talent can help Team Langevin continue to fight for all of Rhode Island.